Network Ports Used by DNS
Applies To: Windows Server 2008
During DNS resolution, DNS messages are sent from DNS clients to DNS servers or between DNS servers. Messages are sent over UDP and DNS servers bind to UDP port 53. When the message length exceeds the default message size for a User Datagram Protocol (UDP) datagram (512 octets), the first response to the message is sent with as much data as the UDP datagram will allow, and then the DNS server sets a flag indicating a truncated response. The message sender can then choose to reissue the request to the DNS server using TCP (over TCP port 53). The benefit of this approach is that it takes advantage of the performance of UDP but also has a backup failover solution for longer queries.
In general, all DNS queries are sent from a high-numbered source port (49152 or above) to destination port 53, and responses are sent from source port 53 to a high-numbered destination port. The following table lists the UDP and TCP ports used for different DNS message types.
Note
To comply with Internet Assigned Numbers Authority (IANA) recommendations, Microsoft has increased the dynamic client port range for outgoing connections in Windows Vista® and in Windows Server® 2008. The new default start port is 49152, and the default end port is 65535. This is a change from the configuration of earlier versions of Windows that used a default port range of 1025 through 5000.
| Traffic Type | Source of Transmission | Source Port | Destination of Transmission | Destination Port |
|---|---|---|---|---|
Queries from local DNS server |
Local DNS server |
A random port numbered 49152 or above |
Any remote DNS server |
53 |
Responses to local DNS server |
Any remote DNS server |
53 |
Local DNS server |
A random port numbered 49152 or above |
Queries from remote DNS server |
Any remote DNS server |
A random port numbered 49152 or above |
Local DNS server |
53 |
Responses to remote DNS server |
Local DNS server |
53 |
Any remote DNS server |
A random port numbered 49152 or above |
Note
The DNS Server service in Windows Server 2008 supports Extension Mechanisms for DNS (EDNS0, as defined in RFC 2671), which allow DNS requestors to advertise the size of their UDP packets and facilitate the transfer of packets larger than 512 bytes. When a DNS server receives a request over UDP, it identifies the requestor’s UDP packet size from the option (OPT) resource record and scales its response to contain as many resource records as are allowed in the maximum UDP packet size specified by the requestor.
Windows Server 2008 DNS support for EDNS0 is enabled by default. It can be disabled using the registry. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
Add the entry EnableEDNSProbes to the subkey. Give the entry a DWORD value and set it to 0x0 to disable EDNS0.
Use extreme caution when editing the registry. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system.